Third of IT staff are compulsive 'snoop-aholics'
A third of IT professionals polled by data security firm Cyber-Ark admitted to snooping around their organisations’ enterprise networks and illicitly viewing confidential information such as salary details, merger and acquisition plans, private emails and board meeting minutes.
One hundred out of 300 senior techies surveyed at the InfoSecurity 2008 exhibition use their privileged rights and administrator passwords to peek at records they are not entitled to see, according to the company’s survey, ‘Trust, Security and Passwords’.
“To most people, admin passwords are a seemingly innocuous tool used by IT departments to update or amend systems,” explains Mark Fullbrook, Cyber-Ark’s UK director, “but to those in the know such passwords are the keys to the kingdom - and if unprotected or fall into the wrong hands, wield a great deal of power.”
In many organisations, the most technically savvy employees are the least audited when it comes to monitoring IT behaviour, Fullbrook adds: “IT managers with privileged passwords should be subject to the same monitoring and control procedures as anyone else with access to the network. Top techies are in a more privileged position than senior boardroom executives, in some cases. If the price is right, what’s stopping them from choosing to trade information to the highest bidder?”
Fullbrook believes that organisations should devote as much IT security resource to watching IT administrators as they do rank-and-file users: “You just need to remove the source of temptation. People have to get used to using work-a-day IT with filters and checks in place as integral to standard procedure.”